hi rob
it wouldn't surprise me if it was my bad, since this is my very first installation of a radius
server. anyway, i've tested it with NTRadPing and here are my results:
reply packet code=2 id=1 length=20
response: Access-Acceppted
(i must note, that i did of course have to add another ip-secret-combination to the config files,
since i did this test on the computer running the server and not from the monowall itself. anyway, i
checked the secred on both monowall and radius server and they are both "mono"
here are all the entries in config.xml concerning radius auth:
<radiusip>192.168.1.155</radiusip>
<radiusport/>
<radiuskey>mono</radiuskey>
<auth_method>local</auth_method>
<bwauthmacup></bwauthmacup>
<bwauthmacdn></bwauthmacdn>
<bwauthipup></bwauthipup>
<bwauthipdn></bwauthipdn>
<bwdefaultup></bwdefaultup>
<bwdefaultdn></bwdefaultdn>
<redirurl/>
<radiusacctport/>
i do not use any bandwith things and no "Accounting" i just use what could be used with version 1.11
of monowall. actually, the only reason why i installed a radius server and tried all this out is,
that i hacked versino 1.11 to use https for the captive portal over the week-end and then i found
out, that you where doing this in the current beta, so i wanted to see if we both implemented the
same solution.. and yes, it's pretty similar i guess ;)
one thing i would like to encurage you: when such an error happenes (which obviousley is possible
even with other radius servers with wrong configurations) the endless-loop thing should be
prohibited so taht monowall won't hang just because some user doesn't abort the process ;) ... maybe
changing line 129 in the radius_authentication.inc file and add an "or die('an error happened');" to
it would not be a bad idea.
that line would look like this:
$payload_upack = unpack("Cnum/Clen/C*value",$pack_upack[payload]) or die("an error happened");
this would prevent the enldless loop (maybe adding a similar thing to the shift operations inside
the while loop would be good too...
hope to have provided useful informations.
cheers
pascal
-----Ursprüngliche Nachricht-----
Von: Rob Parker [mailto:rob dot parker at keycom dot co dot uk]
Gesendet: Mo 07.03.2005 17:57
An: Pascal Suter; m0n0wall dash dev at lists dot m0n0 dot ch
Cc:
Betreff: RE: [m0n0wall-dev] 1.2b6 bug with radius auth
Hi Pascal,
I might be able to help here - this is probably caused by an old version of
the patches to captive portal I wrote being integrated (my fault - I didn't
send the latest ones to Manuel in time!). Are you using the per-user captive
portal bandwidth limits with your captive portal? Also, do you know exactly
what your radius server is returning to m0n0wall when a user tries to
authenticate (you can use NTRadPing to find this out quite easily) - if you
forward me on the information I'll take a look at it for you and see if I
can work out why! I did all my testing against FreeRadius, and only ever
came across this problem if the wrong secrets were used in RADIUS or the
m0n0wall.
Cheers!
Rob.
-----Original Message-----
From: Pascal Suter [mailto:mail at psuter dot ch]
Sent: 07 March 2005 17:03
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: [m0n0wall-dev] 1.2b6 bug with radius auth
hi. i just installed the current beta version of monowall and tried to setup
a radius server for it.
i've installed Multitech's Free Windows Radius server, as described in the
documentation, only i did install version 2.1 of the multitech server. my
setup worked with m0n0wall version 1.11 and now with version 1.2b6 the
captive portal gets into an endless loop after i entered my username and
password. it then displays the folowing:
Warning: unpack(): Type C: not enough input, need 1, have 0 in
/usr/local/captiveportal/radius_authentication.inc on line 130 Warning:
array_shift(): The argument should be an array in
/usr/local/captiveportal/radius_authentication.inc on line 136 Warning:
array_shift(): The argument should be an array in
/usr/local/captiveportal/radius_authentication.inc on line 138 Warning:
array_shift(): The argument should be an array in
/usr/local/captiveportal/radius_authentication.inc on line 136 Warning:
array_shift(): The argument should be an array in
/usr/local/captiveportal/radius_authentication.inc on line 138 Warning:
array_shift(): The argument should be an array in
/usr/local/captiveportal/radius_authentication.inc on line 136 Warning:
array_shift(): The argument should be an array in
/usr/local/captiveportal/radius_authentication.inc on line 138 Warning:
array_shift(): The argument should be an array in.......... (continuing as i
stated in an endless loop)
my environment:
2 virtual pc's (using ms virtual pc) one is running monowall generic pc
image and the other one is running windows 98 SE with that radius server.
hope this helps you out. i'm sorry i can't help on the solution since i have
no clue about how radius works and i don't intend on changing this in the
next days ;)
cheers
pascal